
The Mu-4000 is a 2U (3.5-inch) appliance that performs IP security analysis using a repeatable process. The appliance logs results to gauge the vulnerability of IP-based applications and network devices.

The Mu-4000, which we tapped for the first time during our evaluation of the ZyWall 1050, uses protocols to create the tests that put applications and devices through their paces. It supports almost 30 protocols, including SSH (Secure Shell), TCP and UDP (User Datagram Protocol).

The protocol mutations used to attack systems are based on Mu Security-supplied guidelines for how security products are designed to work, as well as on hacker methodologies and secure programming techniques. The Mu-4000 also can use custom-developed attack scripts.

Mu-4000 pricing starts at about $35,000. Protocols are licensed individually, with significant discounts based on the number of components purchased. This pricing makes the Mu-4000 appropriate for device makers and large enterprises. QA (quality assurance) engineers and senior IT implementation managers will get plenty of useful information about a variety of IP devices used (or slated to be used) in the network.

During tests, we updated our Mu-4000 system from Mu Security's Web site to get attacks designed to reveal machines and software that are susceptible to newly published vulnerabilities.

We used a modest test set, putting the ZyWall 1050 up against SSH Diffie-Hellman Group Exchange Key Requests, SSH banners and SSH messages.

We were able to start running rudimentary tests based on examples from tutorials included with the Mu-4000. However, it will take several months to fully master the platform because of the large number of tests available and the amount of in-depth knowledge required to correctly configure the tests.

The anatomy of our simple tests was as follows: First, we cabled the ZyWall 1050 onto the test ports of the Mu-4000. We also powered the ZyWall 1050 from a power outlet in the Mu-4000 so that the Mu-4000 could power-cycle the ZyWall 1050 if it became unresponsive as a result of attack traffic.

We then configured the testbed by specifying that the endpoint was directly connected while also supplying the IP address of the ZyWall 1050.

We configured the Mu-4000 to passively monitor the syslog data coming from the ZyWall 1050 to determine if the device was responsive while under attack. Configuring monitor settings requires a fair amount of knowledge about the device under test—we spent a significant amount of time determining the exception patterns that would be logged by the ZyWall 1050 to indicate that it was no longer working correctly.
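
The following Python example, added here and not taken from the review or from Mu Security, shows the kind of passive syslog check described above: it flags log lines that match exception patterns and gaps in logging from the device under test. The patterns, the 30-second silence threshold, the log line format and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Hypothetical exception patterns; the review does not list the ones it used,
# so these stand in for whatever the device under test actually logs.
EXCEPTION_PATTERNS = [
    re.compile(r"watchdog (timeout|reset)", re.I),
    re.compile(r"sshd.*(segfault|core dumped|restart)", re.I),
    re.compile(r"system (reboot|startup)", re.I),
]
MAX_SILENCE = timedelta(seconds=30)  # assumed: a healthy DUT logs at least this often
LINE_RE = re.compile(r"^(\S+) (\S+) (.*)$")  # assumed "<ISO timestamp> <host> <message>"

def assess_dut(lines, dut_host, patterns=EXCEPTION_PATTERNS, max_silence=MAX_SILENCE):
    """Return (timestamp, kind, detail) findings for one device under test."""
    findings, last_seen = [], None
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m or m.group(2) != dut_host:
            continue  # skip malformed lines and traffic from other hosts
        try:
            ts = datetime.fromisoformat(m.group(1))
        except ValueError:
            continue  # skip lines whose timestamp cannot be parsed
        msg = m.group(3)
        # A long gap between messages suggests the device hung or rebooted.
        if last_seen is not None and ts - last_seen > max_silence:
            gap = int((ts - last_seen).total_seconds())
            findings.append((ts, "silence", f"no syslog for {gap}s"))
        last_seen = ts
        if any(p.search(msg) for p in patterns):
            findings.append((ts, "exception", msg))
    return findings

# Constructed sample syslog, not captured from a real ZyWall 1050.
SAMPLE = """\
2007-01-15T10:00:00 zywall sshd: connection from 192.0.2.10
2007-01-15T10:00:10 zywall sshd: key exchange started
2007-01-15T10:00:12 otherhost kernel: watchdog timeout
2007-01-15T10:00:20 zywall kernel: sshd segfault at 00000000
2007-01-15T10:01:30 zywall kernel: system startup complete
""".splitlines()

if __name__ == "__main__":
    for ts, kind, detail in assess_dut(SAMPLE, "zywall"):
        print(ts.isoformat(), kind, detail)
```

Correlating each finding's timestamp with the test case running at that moment is what ties a crash or hang to a specific protocol mutation.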